[tazjin]

The problem with this approach is that the `-sk` keys need to be supported server-side (I'm not sure if that support goes beyond including them in a list of recognised key types, but it doesn't matter).

As a result, lots of systems that are not bleeding edge still don't accept them, for example Gerrit.

[tialaramex]

The support is substantially more than "including them in a list of recognised key types" because the FIDO device is deliberately unwilling to do anything except emit FIDO-style signatures, so you need to understand those signatures and verify them.

On the other hand, probably we should have learned by now that even apparently trivial verification steps are too easy to get wrong (or plain omit) and so you really want to delegate all of this work to just one implementation which was actually written by people who know what they're doing and, preferably also formally verified as correct since people who "know what they're doing" still make far too many mistakes. Thus, maybe there shouldn't be so many independent (and likely in some cases, wrong) implementations of this check.